Windows Azure Active Directory Service Now Available

Microsoft announced today that its Windows Azure Active Directory (WAAD) service is ready for business.

The cloud-based identity management solution has moved from a preview stage to "general availability" as a commercial service for use by organizations. WAAD can be used by IT pros to manage user access to business apps or third-party services.

Another option is to use Active Directory in Windows Azure virtual machines. The advantage of a cloud-based WAAD, or of using Active Directory in a virtual machine, is that it adds redundancy and disaster recovery capabilities, according to Thomas W. Shinder, principal knowledge engineer for the SCD iX Solutions Group, in a Microsoft blog post. There also may be an improvement across branch offices in terms of log-in response times, he explained.

Microsoft provides an outline of the steps needed to set up the WAAD service and sync it with a local Active Directory in this blog post. WAAD is available to all Windows Azure customers. This release of WAAD includes SAML 2.0 support, which enables single sign-on capabilities from mobile or Web applications. Microsoft plans to add a preview of OAuth 2.0 support in the next few days.

In related news, Microsoft indicated today that it had released a public preview version of the Windows Azure Management Pack for System Center 2012 Service Pack 1. The management pack lets IT professionals manage some Windows Azure resources. However, it was hard to find a link to it at press time.

The WAAD service is already being used by Microsoft's Office 365 customers, as well as those tapping Microsoft's Windows Azure, Dynamics CRM or Windows Intune. Microsoft claims that there is no extra cost for using WAAD with these cloud-based Microsoft services.

Microsoft has announced various WAAD improvements of late. The effort has involved reengineering Active Directory for the scale-out world of cloud computing. For this general availability release, Microsoft described two "new" features. First, Windows Azure customers that used Microsoft accounts to log into Windows Azure can now add WAAD capability. Second, granting and revoking application directory access has been simplified with the new WAAD release, according to Microsoft's announcement.

Microsoft added single sign-on and federation improvements in November, which improved AD coordination between Microsoft's cloud and customer premises servers. For instance, changes made using Active Directory in a local Windows Server computing environment can be synched up to the Windows Azure cloud, so removing a user locally will cut off that person from accessing the Windows Azure Management Portal. Two-factor authentication policies can be set from Active Directory in the local environment, and those changes will apply to the cloud environment as well.

Microsoft claims that the WAAD preview version got tested by more than 3,500 companies before hitting commercial status. The WAAD service runs from 14 datacenters located across the United States, Asia and Europe, according to the company.

Microsoft claims 99.97 percent monthly availability for WAAD. Windows Azure as a "cloud operating system" consists of various services, but it isn't flawless. In February, the Windows Azure storage service had an outage that lasted nearly a day.